For the week ending 2021–05–14

Rich Miller
May 17, 2021

A Resonance Calendar

Sources that have caught my attention and from which I’ve taken away something (that feels) important. In other words, something that resonates.
A few links with an excerpt from each.

Given the events of the past week, it is not surprising that this reading list contains a lot on CyberSecurity. Although it’s not that evident in these selections, I have been particularly taken by the nature of security for cloud native applications.

The nature of cloud native applications composed of micro-services, containerized and orchestrated by the likes of Kubernetes, has been among the most rational-sounding arguments for service mesh and its use in implementing Zero Trust architecture internal to the application. While I am convinced that ZT architecture is the most reasonable solution for identity management and a major part of authentication management, I believe that most solutions labeling themselves “zero trust” are (conveniently?) ignoring a number of aspects. Regulation and business processes are just two aspects that determine authorization management. And I’m not seeing vendor offerings that consider them ‘first class’ determinants of authorization.

You can expect to see a lot more on this topic in the Resonance Calendar, particularly as it addresses data security.

CyberSecurity

Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.

The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme. The use of color, fonts and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems and data.

Container Security: Fundamental Technology Concepts that Protect Containerized Applications
An O’Reilly Animal Series Book written by Liz Rice

To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions.
The book includes a Security Checklist covering items you should at least think about when considering how to secure your deployments running on containers.


Rich Miller

Silicon Valley irregular, CEO of Telematica, Inc. and Executive Chair of Provenant Data, Inc.